authorChristian Eggers <ceggers@arri.de>2022-01-31 14:42:21 +0100
committerThomas Haller <thaller@redhat.com>2022-02-21 19:12:27 +0100
commitb26c9723d96d549092e66d56588ad4047da18900 (patch)
tree205cc43876d537c7b2c08eccb11d91faf8e5a132
parent5b4ce608d4db331cad0a891976a0bbce975e61f0 (diff)
libnm-crypto: add new option for no cryptography
For some embedded systems, no cryptography is required at all (e.g. when only using Ethernet). https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1108
-rw-r--r--Makefile.am18
-rw-r--r--NEWS1
-rw-r--r--configure.ac6
-rw-r--r--meson.build5
-rw-r--r--meson_options.txt2
-rw-r--r--po/POTFILES.in1
-rw-r--r--src/libnm-core-impl/meson.build14
-rw-r--r--src/libnm-core-impl/nm-crypto-null.c104
8 files changed, 144 insertions, 7 deletions
diff --git a/Makefile.am b/Makefile.am
index ab06c6db6e..af6743ec82 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1471,6 +1471,24 @@ src_libnm_core_impl_libnm_crypto_nss_la_LIBADD = \
$(NSS_LIBS)
endif
+if !WITH_GNUTLS
+if !WITH_NSS
+libnm_crypto_lib = src/libnm-core-impl/libnm-crypto-null.la
+else
+check_ltlibraries += src/libnm-core-impl/libnm-crypto-null.la
+endif
+else
+check_ltlibraries += src/libnm-core-impl/libnm-crypto-null.la
+endif
+
+src_libnm_core_impl_libnm_crypto_null_la_SOURCES = src/libnm-core-impl/nm-crypto-null.c
+src_libnm_core_impl_libnm_crypto_null_la_CPPFLAGS = \
+ $(src_libnm_core_impl_libnm_core_impl_la_CPPFLAGS)
+src_libnm_core_impl_libnm_crypto_null_la_LDFLAGS = \
+ $(src_libnm_core_impl_libnm_core_impl_la_LDFLAGS)
+src_libnm_core_impl_libnm_crypto_null_la_LIBADD = \
+ $(GLIB_LIBS)
+
noinst_LTLIBRARIES += $(libnm_crypto_lib)
###############################################################################
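Review bot: The added block spells "the null backend is selected" as `if !WITH_GNUTLS` wrapping `if !WITH_NSS`, so the line `check_ltlibraries += src/libnm-core-impl/libnm-crypto-null.la` has to appear twice and the reader must work out which branch is the null build. A dedicated conditional declared in configure.ac next to the existing ones, `AM_CONDITIONAL(WITH_NULL, test "$with_crypto" = 'null')`, would reduce this to one `if WITH_NULL` that assigns `libnm_crypto_lib` with an `else` that appends to `check_ltlibraries`. This is a readability point only; the three outcomes stay the same.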
diff --git a/NEWS b/NEWS
index 7b58fecf6e..c74319622e 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE!
* Wi-Fi hotspots will use a (stable) random channel number unless one is
chosen manually.
+* libnm: add new dummy crypto backend "null" that does nothing.
=============================================
NetworkManager-1.36
diff --git a/configure.ac b/configure.ac
index 6146693c60..20f6502aaa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -716,7 +716,7 @@ AM_CONDITIONAL(HAVE_CRYPTO_GNUTLS, test "${have_crypto_gnutls}" = 'yes')
AM_CONDITIONAL(HAVE_CRYPTO_NSS, test "${have_crypto_nss}" = 'yes')
AC_ARG_WITH(crypto,
- AS_HELP_STRING([--with-crypto=nss|gnutls],
+ AS_HELP_STRING([--with-crypto=nss|gnutls|null],
[Cryptography library to use for certificate and key operations]),
with_crypto=$withval,
with_crypto=nss)
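Review bot: The help text on the changed `AS_HELP_STRING` line still describes the option as the "Cryptography library to use for certificate and key operations", so `null` reads like a third library rather than a build in which those operations are disabled. In the nm-crypto-null.c added by this commit every entry point, including `_nm_crypto_verify_x509` and `_nm_crypto_randomize`, returns failure, and a packager should be able to learn that from `./configure --help`. I would word the description as `[Cryptography library to use for certificate and key operations; 'null' builds without crypto support and makes these operations fail]`. The same applies to the `description:` of the `crypto` option in the meson_options.txt hunk.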
@@ -728,8 +728,10 @@ elif test "$with_crypto" = 'gnutls'; then
if test "${have_crypto_gnutls}" != "yes"; then
AC_MSG_ERROR([No usable gnutls found for --with-crypto=gnutls])
fi
+elif test "$with_crypto" = 'null'; then
+ :
else
- AC_MSG_ERROR([Please choose either 'nss' or 'gnutls' for certificate and crypto operations])
+ AC_MSG_ERROR([Please choose either 'nss', 'gnutls' or 'null' for certificate and crypto operations])
fi
AM_CONDITIONAL(WITH_NSS, test "$with_crypto" = 'nss')
AM_CONDITIONAL(WITH_GNUTLS, test "$with_crypto" = 'gnutls')
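Review bot: The new `null` branch is a bare `:`, so a build without any crypto backend is configured without a single message. Because this choice makes certificate verification and key handling fail at run time (see the stubs in nm-crypto-null.c), it is worth making visible in the configure log, for example `AC_MSG_NOTICE([building without crypto support: certificate and key operations will fail])` in place of `:`. Whether the configure summary printed later already reports the crypto setting is not visible in this hunk.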
diff --git a/meson.build b/meson.build
index 2020a5a990..853afb7306 100644
--- a/meson.build
+++ b/meson.build
@@ -551,10 +551,11 @@ crypto = get_option('crypto')
if crypto == 'nss'
assert(crypto_nss_dep.found(), 'Requires nss crypto support')
crypto_dep = crypto_nss_dep
-else
- assert(crypto == 'gnutls', 'Unexpected setting "crypto=' + crypto + '"')
+elif crypto == 'gnutls'
assert(crypto_gnutls_dep.found(), 'Requires gnutls crypto support')
crypto_dep = crypto_gnutls_dep
+else
+ assert(crypto == 'null', 'Unexpected setting "crypto=' + crypto + '"')
endif
dbus_conf_dir = get_option('dbus_conf_dir')
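Review bot: The new `else` branch for `crypto == 'null'` leaves `crypto_dep` unassigned, while both other branches set it. If anything after this hunk still reads `crypto_dep`, a `crypto=null` configuration will stop with an unknown-variable error; no such use is visible here, so this needs checking against the rest of the file. Assigning an explicit not-found dependency, `crypto_dep = dependency('', required: false)`, keeps the three branches parallel, or the variable can be dropped altogether if it is no longer used.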
diff --git a/meson_options.txt b/meson_options.txt
index cfebe44619..42f84711d0 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -71,6 +71,6 @@ option('valgrind', type: 'array', value: ['no'], description: 'Use valgrind to m
option('valgrind_suppressions', type: 'string', value: '', description: 'Use specific valgrind suppression file')
option('ld_gc', type: 'boolean', value: true, description: 'Enable garbage collection of unused symbols on linking')
option('libpsl', type: 'boolean', value: true, description: 'Link against libpsl')
-option('crypto', type: 'combo', choices: ['nss', 'gnutls'], value: 'nss', description: 'Cryptography library to use for certificate and key operations')
+option('crypto', type: 'combo', choices: ['nss', 'gnutls', 'null'], value: 'nss', description: 'Cryptography library to use for certificate and key operations')
option('qt', type: 'boolean', value: true, description: 'enable Qt examples')
option('readline', type: 'combo', choices: ['auto', 'libreadline', 'libedit', 'none'], description: 'Using readline (auto) or libedit)')
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 76d20094d0..548ae5a1e7 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -74,6 +74,7 @@ src/libnm-core-aux-intern/nm-libnm-core-utils.c
src/libnm-core-impl/nm-connection.c
src/libnm-core-impl/nm-crypto-gnutls.c
src/libnm-core-impl/nm-crypto-nss.c
+src/libnm-core-impl/nm-crypto-null.c
src/libnm-core-impl/nm-crypto.c
src/libnm-core-impl/nm-dbus-utils.c
src/libnm-core-impl/nm-keyfile-utils.c
diff --git a/src/libnm-core-impl/meson.build b/src/libnm-core-impl/meson.build
index 2e1f175177..3ee044fe10 100644
--- a/src/libnm-core-impl/meson.build
+++ b/src/libnm-core-impl/meson.build
@@ -24,11 +24,21 @@ if crypto_gnutls_dep.found()
)
endif
+libnm_crypto_null = static_library(
+ 'nm-crypto-null',
+ sources: 'nm-crypto-null.c',
+ dependencies: [
+ libnm_core_public_dep,
+ ],
+)
+
if crypto == 'nss'
libnm_crypto = libnm_crypto_nss
-else
- assert(crypto == 'gnutls', 'Unexpected setting "crypto=' + crypto + '"')
+elif crypto == 'gnutls'
libnm_crypto = libnm_crypto_gnutls
+else
+ assert(crypto == 'null', 'Unexpected setting "crypto=' + crypto + '"')
+ libnm_crypto = libnm_crypto_null
endif
libnm_core_settings_sources = files(
diff --git a/src/libnm-core-impl/nm-crypto-null.c b/src/libnm-core-impl/nm-crypto-null.c
new file mode 100644
index 0000000000..2f072257ec
--- /dev/null
+++ b/src/libnm-core-impl/nm-crypto-null.c
@@ -0,0 +1,104 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Christian Eggers <ceggers@arri.de>
+ * Copyright (C) 2020 - 2022 ARRI Lighting
+ */
+
+#include "libnm-glib-aux/nm-default-glib-i18n-lib.h"
+
+#include "nm-crypto-impl.h"
+
+#include "libnm-glib-aux/nm-secret-utils.h"
+#include "nm-errors.h"
+
+/*****************************************************************************/
+
+gboolean
+_nm_crypto_init(GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
+
+guint8 *
+_nmtst_crypto_decrypt(NMCryptoCipherType cipher,
+ const guint8 *data,
+ gsize data_len,
+ const guint8 *iv,
+ gsize iv_len,
+ const guint8 *key,
+ gsize key_len,
+ gsize *out_len,
+ GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return NULL;
+}
+
+guint8 *
+_nmtst_crypto_encrypt(NMCryptoCipherType cipher,
+ const guint8 *data,
+ gsize data_len,
+ const guint8 *iv,
+ gsize iv_len,
+ const guint8 *key,
+ gsize key_len,
+ gsize *out_len,
+ GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return NULL;
+}
+
+gboolean
+_nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
+
+gboolean
+_nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *password, GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
+
+gboolean
+_nm_crypto_verify_pkcs8(const guint8 *data,
+ gsize data_len,
+ gboolean is_encrypted,
+ const char *password,
+ GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
+
+gboolean
+_nm_crypto_randomize(void *buffer, gsize buffer_len, GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
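Review bot: All seven stubs pass the translated message to `g_set_error()` as a printf format with no arguments; `g_set_error_literal()` is the call for a fixed message and keeps a stray `%` in a translation from being interpreted. The same four-line call is repeated in every function, so one static helper would make the fail-closed contract of this backend obvious, and it is the natural place for the missing comment stating that every operation, including `_nm_crypto_randomize`, reports failure rather than pretending to succeed. `_nmtst_crypto_decrypt` and `_nmtst_crypto_encrypt` also return without writing `*out_len`; whether callers rely on it being set on failure is not visible here. The include of `libnm-glib-aux/nm-secret-utils.h` looks unused in this file.

```c
/* The null backend implements no operation: every entry point fails
 * closed with the same error, so callers never mistake a missing
 * backend for a successful verification or for usable random data. */
static void
_set_error_no_crypto(GError **error)
{
    g_set_error_literal(error,
                        NM_CRYPTO_ERROR,
                        NM_CRYPTO_ERROR_FAILED,
                        _("Compiled without crypto support."));
}

gboolean
_nm_crypto_init(GError **error)
{
    _set_error_no_crypto(error);
    return FALSE;
}

/* … unchanged signatures: the remaining six stubs call _set_error_no_crypto() the same way … */
```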